The Moby Project - a collaborative project for the container ecosystem to assemble container-based systems
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
containerd image store: Fix a bug where `docker image history` would fail if a manifest wasn't found in the content store. moby/moby#47348
Ensure that a generated MAC address is not restored when a container is restarted, but a configured MAC address is preserved. moby/moby#47304
Note
- Containers created with Docker Engine version 25.0.0 may have duplicate MAC addresses. They must be re-created.
- Containers with user-defined MAC addresses created with Docker Engine versions 25.0.0 or 25.0.1 receive new MAC addresses when started using Docker Engine version 25.0.2. They must also be re-created.
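A check for the duplicate-MAC condition described in the note above, as an added example that is not part of the release notes: it groups the `NetworkSettings.Networks.<name>.MacAddress` values found in `docker inspect` JSON by network and reports any address shared by more than one container. The sample data and container names are constructed.

```python
import json
import sys
from collections import defaultdict

# Constructed sample, shaped like the JSON array printed by `docker inspect <containers>`.
SAMPLE_INSPECT = [
    {"Name": "/web1", "NetworkSettings": {"Networks": {
        "bridge": {"MacAddress": "02:42:ac:11:00:02"}}}},
    {"Name": "/web2", "NetworkSettings": {"Networks": {
        "bridge": {"MacAddress": "02:42:AC:11:00:02"},
        "backend": {"MacAddress": "02:42:ac:12:00:03"}}}},
    {"Name": "/db", "NetworkSettings": {"Networks": {
        "backend": {"MacAddress": "02:42:ac:12:00:04"}}}},
    {"Name": "/cache", "NetworkSettings": {"Networks": {
        "bridge": {"MacAddress": ""}}}},
]


def duplicate_macs(inspect_data):
    """Return {(network, mac): [container names]} for every MAC address
    that more than one container holds on the same network."""
    seen = defaultdict(list)
    for container in inspect_data:
        name = container.get("Name", "").lstrip("/") or container.get("Id", "?")[:12]
        networks = (container.get("NetworkSettings") or {}).get("Networks") or {}
        for network, endpoint in networks.items():
            # Normalize case so 02:42:AC:... and 02:42:ac:... compare equal.
            mac = ((endpoint or {}).get("MacAddress") or "").lower()
            if mac:  # skip endpoints that have no address assigned
                seen[(network, mac)].append(name)
    return {key: sorted(names) for key, names in seen.items() if len(names) > 1}


if __name__ == "__main__":
    # Pipe real `docker inspect` output on stdin, or run with no input to use the sample.
    data = SAMPLE_INSPECT if sys.stdin.isatty() else json.load(sys.stdin)
    for (network, mac), names in sorted(duplicate_macs(data).items()):
        print(f"{network}: {mac} shared by {', '.join(names)} -> re-create these containers")
```
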
`docker save <image>@<digest>` producing an OCI archive with index without manifests. moby/moby#47294
`internal` network. moby/moby#47303
`ipv6` daemon option was ignored. moby/moby#47310
`journald` log driver preventing container logs from being followed correctly with systemd version 255. moby/moby#47243
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains security fixes for the following CVEs affecting Docker Engine and its components.
CVE | Component | Fix version | Severity |
---|---|---|---|
CVE-2024-21626 | runc | 1.1.12 | High, CVSS 8.6 |
CVE-2024-24557 | Docker Engine | 24.0.9 | Medium, CVSS 6.9 |
Important ⚠️
Note that this release of Docker Engine doesn't include fixes for the following known vulnerabilities in BuildKit:
To address these vulnerabilities, upgrade to Docker Engine v25.0.2.
For more information about the security issues addressed in this release, and the unaddressed vulnerabilities in BuildKit, refer to the blog post. For details about each vulnerability, see the relevant security advisory:
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
This release contains security fixes for the following CVEs affecting Docker Engine and its components.
CVE | Component | Fix version | Severity |
---|---|---|---|
CVE-2024-21626 | runc | 1.1.12 | High, CVSS 8.6 |
CVE-2024-23651 | BuildKit | 1.12.5 | High, CVSS 8.7 |
CVE-2024-23652 | BuildKit | 1.12.5 | High, CVSS 8.7 |
CVE-2024-23653 | BuildKit | 1.12.5 | High, CVSS 7.7 |
CVE-2024-23650 | BuildKit | 1.12.5 | Medium, CVSS 5.5 |
CVE-2024-24557 | Docker Engine | 25.0.2 | Medium, CVSS 6.9 |
The potential impacts of the above vulnerabilities include:
For more information about the security issues addressed in this release, refer to the blog post. For details about each vulnerability, see the relevant security advisory:
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
`docker run --rm`) are no longer forcibly removed on engine restart. moby/moby#46857
`go1.20.13`. moby/moby#47054, docker/cli#4826, docker/docker-ce-packaging#975
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
`host-gateway-ip` not working during build when not set through configuration. moby/moby#47192
`addr` or `ip` mount option. moby/moby#47185
`start_interval` not being passed to the container config. moby/moby#47163
`2.24.2`. docker/docker-ce-packaging#981
For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:
`--log-format` flag to `dockerd` to control the logging format: text (default) or JSON. moby/moby#45737
`docker image ls --filter=until=<timestamp>`. moby/moby#46577
`ValidateRestartPolicy`. moby/moby#46352
`/info` endpoint to use singleflight. moby/moby#45847
`-f`, and also using `stdin`. docker/cli#4346
`mac-address` and `link-local-ip` fields in `--network` long format. docker/cli#4419
`--network` flags with `docker container create` and `docker run`. moby/moby#45906
`docker run --rm`) are no longer forcibly removed on engine restart. moby/moby#46857
`Downloading` progress message on image pull. moby/moby#46515
`NetworkConnect` and `ContainerCreate` with improved data validation, and return all validation errors at once. moby/moby#46183
`com.docker.network.host_ipv4` option when IPv6 and ip6tables are enabled. moby/moby#46446
`cleanupContainer` if containerd is stopped. moby/moby#46213
`userland-proxy-path` daemon configuration option. Validation now happens during daemon startup, instead of producing an error when starting a container with port-mapping. moby/moby#47000
`docker image save` tarball output is now OCI compliant. moby/moby#44598
`ACCEPT` rules to the end of the `INPUT` iptables chain for encrypted overlay networks. Depending on firewall configuration, a rule may be needed to permit incoming encrypted overlay network traffic. moby/moby#45280
`--ip-range` is larger than `--subnet`. moby/moby#45759
`push`, `pull`, and `save`. moby/moby#46405
`ONBUILD`, `MAINTAINER`, and `HEALTHCHECK` Dockerfile instructions. moby/moby#46313
`Pulling from` progress message. moby/moby#46494
`sha256:` prefix. moby/moby#46435
`docker images` showing intermediate layers by default. moby/moby#46423
`ADD` or `COPY` instructions were used with the classic builder. moby/moby#46383
`docker pull` progress output. moby/moby#46412
`UpdateConfig`. moby/moby#46433
`docker image ls` now shows the correct image creation time and date. moby/moby#46719
`docker pull -a`). moby/moby#46618
`2.24.1`. docker/docker-ce-packaging#980
`GET /images/json` and `GET /images/{id}/json` endpoints. moby/moby#45469
`devicemapper` storage driver. moby/moby#43637
`--oom-score-adjust` daemon option. moby/moby#45484
`~/.dockercfg` file. docker/cli#4281
`logentries` logging driver. moby/moby#46925
`IsAutomated` field and `is-automated` filter for `docker search`. Deprecation notice
`Container` and `ContainerConfig` properties for `/images/{id}/json` (`docker image inspect`). moby/moby#46939
This is a pre-release of the upcoming 25.0.0 release.
Pre-releases are intended for testing new releases: only install in a test environment!
curl -fsSL https://get.docker.com -o get-docker.sh
sudo CHANNEL=test sh get-docker.sh
`LimitNOFILE` which on older versions of systemd, such as used by CentOS 7, is very low and may limit the number of containers that can be run. Set `LimitNOFILE=1048576` to get the previous behavior.
Bugs and regressions can be reported in these issue trackers:
When reporting issues, include `[25.0.0-rc]` in the issue title.